Massive Five-Year Hack Infiltrates U.S. Govt., UN, IOC

"Operation Shady RAT," a concerted effort by a single hacker or group of hackers, penetrated multiple U.S. government agencies, the United Nations, foreign governments, and many technology companies and defense contractors, a McAfee report disclosed Wednesday.

In all, the Shady RAT attacks compromised 72 targets since July 2006, making it perhaps the largest concerted hacking campaign in history. And the attacks weren't snatch-and-grabs: the hackers tunneled into the victims' networks and, in some cases, maintained the intrusion for more than two years.

Government agencies in India, South Korea, Taiwan, and the U.S. were attacked, plus high-profile targets like the International Olympic Committee.

McAfee did not name what it called "the actor," but reports claimed that it was most likely China, given the pattern of attacks against various Olympic committees, plus U.S., Taiwan, and South Korean companies and agencies.

"The interest in the information held at the Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC) and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics was particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks," Dmitri Alperovitch, McAfee's vice president of threat research, wrote in the report.

McAfee said it had gained access to a specific command-and-control server used by the Shady RAT group, which allowed its security teams to read the logs kept by the attackers and to determine the scope of the attacks. (RAT stands for Remote Access Tool.)

According to McAfee, the attacks were orchestrated primarily through spear-phishing: a targeted social-engineering attack on one or more employees that let the attackers take control of the recipient's machine and then move through the network. The phishing message carried malware that, when downloaded, connected back to the command-and-control server; other members of the group would then operate through the infected machine, moving elsewhere in the network and establishing new virtual bases of operations.
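McAfee says it used the command-and-control server's own logs to work out how many organizations were compromised and for how long. As an added illustration of that kind of incident-response analysis (this is not code from McAfee or from the report), the following Python script parses constructed check-in log lines in an invented format, then reports each organization's first and last contact, the dwell time between them, and which intrusions persisted for two years or more, the threshold the article mentions:

```python
"""
Scope and dwell-time analysis over constructed C2 check-in logs.

Added example, not from the McAfee report or the article. The log
format, field names, IP addresses and organization labels are invented
for illustration only.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: check-in lines as a C2 server might record them.
# The CHECKIN/src/org layout is an assumption, not any real server's format.
SAMPLE_LOG = """\
2006-07-03 09:14:02 CHECKIN src=192.0.2.10 org=US-Federal-Agency-1
2006-07-03 09:14:40 CHECKIN src=192.0.2.10 org=US-Federal-Agency-1
2007-01-15 11:02:11 CHECKIN src=198.51.100.7 org=Defense-Contractor-4
2008-08-20 08:00:00 CHECKIN src=203.0.113.55 org=Olympic-Committee-1
2008-09-02 17:45:19 CHECKIN src=203.0.113.55 org=Olympic-Committee-1
2009-02-27 12:30:00 CHECKIN src=192.0.2.10 org=US-Federal-Agency-1
2009-03-01 06:12:44 CHECKIN src=198.51.100.7 org=Defense-Contractor-4
garbage line that should be ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) CHECKIN "
    r"src=(?P<src>[\d.]+) org=(?P<org>\S+)$"
)


def parse_log(text):
    """Yield (timestamp, src_ip, org) for every well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line: ignore rather than crash
        yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["src"], m["org"]


def intrusion_scope(text):
    """Per-organization first/last check-in, dwell time in days, and hosts seen."""
    first, last, hosts = {}, {}, defaultdict(set)
    for ts, src, org in parse_log(text):
        first[org] = min(ts, first.get(org, ts))
        last[org] = max(ts, last.get(org, ts))
        hosts[org].add(src)
    return {
        org: {
            "first_seen": first[org],
            "last_seen": last[org],
            "dwell_days": (last[org] - first[org]).days,
            "hosts": sorted(hosts[org]),
        }
        for org in first
    }


def long_dwell(scope, min_days=730):
    """Organizations whose compromise persisted at least min_days (two years by default)."""
    return sorted(org for org, s in scope.items() if s["dwell_days"] >= min_days)


if __name__ == "__main__":
    scope = intrusion_scope(SAMPLE_LOG)
    print(f"{len(scope)} organizations seen in the log")
    for org, s in sorted(scope.items()):
        print(f"{org:24} {s['first_seen']:%Y-%m-%d} -> {s['last_seen']:%Y-%m-%d} "
              f"({s['dwell_days']} days, {len(s['hosts'])} host(s))")
    print("Dwell of two years or more:", long_dwell(scope))
```

Counting organizations rather than raw beacons is what turns a log like this into a victim tally such as the "72 targets" figure, and the first-to-last gap per organization is the dwell time that lets an analyst say an intrusion lasted "more than two years"; on a real server the log format would have to be reverse-engineered first, and lines that fail to parse should be counted and reviewed, not silently dropped.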

The goal didn't appear to be financial information or usernames and passwords, but competitive intelligence that could be used by a government, a threat McAfee had warned about in a separate study in March. In some cases, the companies attacked may have later blocked the attacks without being aware of the damage already done.

"...The loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world, not to mention the national security impact of the loss of sensitive intelligence or defense information," Alperovitch wrote.

McAfee declined to name the affected agencies and businesses, referring to them instead by labels such as "U.S. State Government #2". All told, however, the targets included four U.S. government agencies, four U.S. state governments, and county governments in Northern California, Southern California, and Nevada. Twelve unidentified U.S. defense contractors were attacked. Other targets included a U.S. news operation, think tanks, non-profits, and electronics and solar-power companies.

Agencies and companies in Canada, Denmark, Germany, Indonesia, Singapore, South Korea, and Vietnam were among those attacked, the McAfee report said.

"Although Shady RAT's scope and duration may shock those who have not been as intimately involved in the investigations into these targeted espionage operations as we have been, I would like to caution you that what I have described here has been one specific operation conducted by a single actor/group," Alperovitch concluded.

"We know of many other successful targeted intrusions (not counting cybercrime-related ones) that we are called in to investigate almost weekly, which impact other companies and industries," Alperovitch added. "This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don't have anything valuable or interesting worth stealing."
